Pass MCP configuration inline via --additional-mcp-config flag using environment variable

[Copilot]

Copilot CLI now receives MCP configuration via --additional-mcp-config flag instead of reading from ~/.copilot/mcp-config.json. All configuration remains in memory with no file writes.

Changes

Shell Scripts

• convert_gateway_config_copilot.sh: Output compact JSON to stdout (jq -c) instead of writing to file
• start_mcp_gateway.sh: Store converted JSON in GH_AW_COPILOT_MCP_CONFIG environment variable and output to GitHub Actions step output using multiline string syntax

Go Code

• copilot_engine_execution.go: Set GH_AW_COPILOT_MCP_CONFIG environment variable from step output and pass to copilot via --additional-mcp-config "$(printf %q "$GH_AW_COPILOT_MCP_CONFIG")" with proper quote escaping
• Remove GH_AW_MCP_CONFIG environment variable (no longer needed)

Tests

• playwright_allowed_domains_secrets_test.go: Update to check MCP gateway input instead of file writes

Compiled Output

Before:

env:
  GH_AW_MCP_CONFIG: /home/runner/.copilot/mcp-config.json
run: |
  mkdir -p /home/runner/.copilot
  cat > /home/runner/.copilot/mcp-config.json << EOF
  {"mcpServers": {...}}
  EOF
  copilot --prompt "..." ...

After:

run: |
  copilot --additional-mcp-config "$(printf %q "$GH_AW_COPILOT_MCP_CONFIG")" --prompt "..." ...
env:
  GH_AW_COPILOT_MCP_CONFIG: ${{ steps.start-mcp-gateway.outputs.copilot-mcp-config }}

Security & Encoding Safety

• JSON is compacted via jq -c and stored in environment variable
• Step output passed to environment variable prevents template injection vulnerabilities
• printf %q properly escapes JSON containing both single quotes (') and double quotes (")
• No file writes - configuration is truly in-memory only
• No string interpolation or user input in the pipeline

Impact: Copilot engine only. Claude/Codex/Custom engines unchanged.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

---

Changeset

• Type: patch
• Description: Pass Copilot's MCP gateway configuration via --additional-mcp-config so the setup stays in memory instead of writing mcp-config.json.

Generated by Changeset Generator

[pelikhan]

@copilot you need to add the argument in a way that handles the case where the JSON payload contains quotes " and single quotes '

[pelikhan]

@copilot keep working

[Copilot]

@copilot keep working

Completed in 5e863bc. The --additional-mcp-config flag now uses printf %q to properly escape JSON with quotes:

--additional-mcp-config "$(printf %q "$GH_AW_COPILOT_MCP_CONFIG")"

This handles both single quotes (') and double quotes (") in the JSON payload correctly. The printf %q shell builtin quotes strings in a format that can be safely reused as shell input, properly escaping all special characters.

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

🧪 Smoke Project is now testing project operations...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

✅ Changeset Generator completed successfully!

[github-actions]

❌ Smoke Project encountered failures. Check the logs for details.

[github-actions]

📰 DEVELOPING STORY: Smoke Copilot reports failed. Our correspondents are investigating the incident...

[github-actions]

Smoke test (Codex)
Merged PRs: #14817 [docs] Remove bloat from errors.md documentation; #14802 Add disable-agentic-editing frontmatter field to Astro docs
GitHub MCP: ✅
Serena (activate + find_symbol>=3): ✅
Playwright title contains GitHub: ✅
File write + cat: ✅
Build (make build): ✅
Overall: PASS

AI generated by Smoke Codex